Existing general purpose operating systems generally control access to data, such as files, objects, directories, etc., by configuring users as security principals upon presentation of a user ID. When a user executes an application, the user's ID is included within a security token associated with the application that is located within the kernel of the operating system. When the application requests data, the user's ID within the security token is compared to an Access Control List (ACL) associated with the data. Where the user's ID is contained in the ACL, and the ACL grants the desired access, the application is provided access to the data.
In operation, the above-described configuration provides any application executed by the user to have the permissions owned by the user. In effect, the application can do anything—such as reading, writing, utilizing (e.g. using email addresses) and erasing data—that the user has permission (from the operating system) to do.
Thus, if the user inadvertently executes a malicious application, that application will be able to steal, erase, maliciously utilize or otherwise damage files to which the user has permissions. This puts the user's data at substantial risk every time an unknown application is executed. The risk is compounded by attachments to email messages and files downloaded over the internet.
Conventional operating systems have sought to limit the damage that results from execution of malicious programs by structuring permissions such that many important files cannot be damaged by the user. Such a system can prevent a malicious application executed by the user from damaging important system files. For example, the “administrator” may be given more permissions than the “user,” who in turn may be given more permissions than a “guest” user. In particular, the administrator may have permission to alter any file; the user may have permission only to alter the user's files, and the guest user may be barred from accessing the user's files and data. Such a structure has the benefit of limiting the damage that an application, having been executed by users with lesser privileges, can do. That is, while a malicious application executed by the user may damage, expose or delete the user's files, objects and/or data, many system files may be protected from the application because the ACLs on the system files restrict access to the User ID.
However, despite the protection given to some files, conventional operating systems have failed to provide adequate protection to many of the user's files, data, etc. A particularly frequent example of this breakdown involves failure to protect the user's list of email addresses. This is particularly unfortunate, because access to a user's email address list allows a malicious application to generate bogus email messages or spread via an email attachment.
Accordingly, a need exists for new and better systems and methods wherein computer environments are configured to protect data, files objects, etc. More particularly, a need exists for improvements to operating systems, wherein data, objects, files, etc, are better protected.